Critical Security Flaws Exposed in Nagios XI Network Monitoring Software

The Nagios XI network monitoring software has been found to have a number of security weaknesses that could lead to information exposure and privilege escalation. The four security flaws affect Nagios XI versions 5.11.1 and lower and are tagged as CVE-2023-40931 through CVE-2023-40934. They have been patched as of September 11, 2023, with the release of version 5.11.2, after responsible disclosure on August 4, 2023.

According to Outpost24 researcher Astrid Tedenbrant, “Three of these vulnerabilities (CVE-2023-40931, CVE-2023-40933, and CVE-2023-40934) allow users, with various levels of privileges, to access database fields via SQL Injections.” “The data obtained from these vulnerabilities may be used to further escalate privileges in the product and obtain sensitive user data, such as password hashes and API tokens.”

Critical Security Flaws Exposed in Nagios XI Network Monitoring Software

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Critical Security Flaws Exposed in Nagios XI Network Monitoring Software

20-Sep-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address